8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.1 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:N/I:N/A:C
0.008 Low
EPSS
Percentile
81.2%
Updated dolphin-emu package fixes security vulnerabilities Dolphin Emulator includes a modified copy of the SoundTouch library at version 1.9.2. That version is subject to the following security issues: - The TDStretch::processSamples function in source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted wav file (CVE-2017-9258) - The TDStretch::acceptNewOverlapLength function in source/SoundTouch/ TDStretch.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (memory allocation error and application crash) via a crafted wav file (CVE-2017-9259). - The TDStretchSSE::calcCrossCorr function in source/SoundTouch/ sse_optimized.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted wav file (CVE-2017-9260). - Reachable assertion in RateTransposer::setChannels() causing denial of service (CVE-2018-14044). - Reachable assertion in FIRFilter.cpp causing denial of service (CVE-2018-14045). - Assertion failure in BPMDetect class in BPMDetect.cpp (CVE-2018-17096). - Out-of-bounds heap write in WavOutFile::write() (CVE-2018-17097). - Heap corruption in WavFileBase class in WavFile.cpp (CVE-2018-17098). - Heap-based buffer overflow in SoundStretch/WavFile.cpp:WavInFile ::readHeaderBlock() potentially leading to code execution (CVE-2018-1000223). The bundled copy of SoundTouch was updated to version 2.1.2, thereby solving theses issues in Dolphin Emulator.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 7 | noarch | dolphin-emu | < 5.0.11824-1 | dolphin-emu-5.0.11824-1.mga7.tainted |
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.1 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:N/I:N/A:C
0.008 Low
EPSS
Percentile
81.2%